CVE-2014-1262
https://notcve.org/view.php?id=CVE-2014-1262
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipulados que provocan una corrupción de memoria. • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-1255
https://notcve.org/view.php?id=CVE-2014-1255
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 no valida debidamente llamadas a la función "free", lo que permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipuilados. • http://support.apple.com/kb/HT6150 • CWE-20: Improper Input Validation •
CVE-2014-1256
https://notcve.org/view.php?id=CVE-2014-1256
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Desbordamiento de buffer en Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipilados. • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-6661
https://notcve.org/view.php?id=CVE-2013-6661
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 33.0.1750.117 permiten a atacantes evadir el mecanismo de protección sandbox después de obtener acceso de renderizado, o tener otro impacto, a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html http://www.debian.org/security/2014/dsa-2883 https://code.google.com/p/chromium/issues/detail?id=294687 https://code.google.com/p/chromium/issues/detail?id=312016 https://code.google.com/p/chromium/issues/detail?id=313005 https://code.google.com/p/chromium/issues/detail?id=314088 https://code.google.com/p/chromium/issues/detail? •
CVE-2013-6652
https://notcve.org/view.php?id=CVE-2013-6652
Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. ... Vulnerabilidad de salto de directorio en sandbox/win/src/named_pipe_dispatcher.cc en Google Chrome anterior a 33.0.1750.117 en Windows permite a atacantes remotos evadir restricciones de política named-pipe en el sandbox a través de vectores relacionados con (1) la falta de comprobaciones para las secuencias .. • http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html https://code.google.com/p/chromium/issues/detail?id=334897 https://src.chromium.org/viewvc/chrome?revision=247511&view=revision • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •